单选题You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()AGet-AppLockerFileInformationBGet-GPOReportCGet-GPPermissionsDTest-AppLockerPolicy
单选题
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()
A
Get-AppLockerFileInformation
B
Get-GPOReport
C
Get-GPPermissions
D
Test-AppLockerPolicy
参考解析
解析:
暂无解析
相关考题:
Your company has deployed Network Access Protection (NAP) enforcement for VPNs.You need to ensure that the health of all clients can be monitored and reported. What should you do?() A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
You are the administrator responsible for security and user desktop settings on your network. You need to configure a custom registry entry for all users. You want to add the custom registry entry into a Group Policy object (GPO) with the least amount of administrative effort.What should you do?A.Configure an ADM template and add the template to the GPO.B.Configure an INF policy and add the policy to the GPO.C.Configure a Microsoft Windows installer package and add the package to the GPO.D.Configure RIS to include the registry entry.
You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.What should you do?A.Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.B.Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.C.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.D.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()A、Get-AppLockerFileInformationB、Get-GPOReportC、Get-GPPermissionsD、Test-AppLockerPolicy
Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next()A、Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.B、Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.C、Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.D、Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
You have a single Active Directory directory service domain. You back up your domain controllers on a nightly basis. You perform Group Policy backups on a nightly basis. A Group Policy object (GPO) is accidentally deleted. You need to restore the GPO. What should you do?()A、 Perform a nonauthoritative restore of the Active Directory database.B、 Perform an authoritative restore of the Active Directory database.C、 Select the Import Policy option in the Group Policy Object Editor.D、 Restore the GPO by using the Group Policy Management Console.
You need to design a patch management strategy for Northwind Traders. What should you do?()A、Configure the Default Domain Policy Group Policy object (GPO) for the northwindtraders.com domain to configure client computers to download updates from the SUS server in New York. Configure the Default Domain Policy GPO for the boston.northwindtraders.com domain to configure client computers to download updates from the SUS server in New YorkB、Use Group Policy to configure client computers to download updates from a Windows Update server on the Internet. Configure the Default Domain Policy Group Policy object (GPO) with a startup script that runs Mbsacli.exe. Configure it to scan the computers in both of the branch officesC、Install and configure a SUS server in the Boston branch office. Configure the server to download updates from a Windows Update server on the Internet. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates and computers in the New York officeD、Install and configure a SUS server in each branch office. Configure the SUS servers to download updates from the New York SUS server. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates on computers in the New York office
Your company has an Active Directory forest. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales rganizational units. You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units. What should you do()A、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.B、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.C、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.D、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()A、In a Group Policy object (GPO), configure the autoenrollment settingsB、In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.C、On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.D、On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
You need to configure the security settings for the new app servers. Which two actions should you perform?()A、Create a Group policy object (GPO) for the web servers.B、Create a Group policy object (GPO) for the database servers.C、Modify the Default Domain Policy.D、Modify the Default Domain Controllers Policy.
Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()A、Create a group policy object (GPO) that enabled security center and link the policy to the domain.B、Create a group policy object (GPO) that enabled security center and link the policy to the domain controllers organizational unit (OU).C、Create a group policy object (GPO) and set the require trusted path for credential entry option to enabled. Link the policy to the domain.D、Create a group policy object (GPO) and set the require trusted path for credential entry option to Enabled. Link the policy to the domain controllers organizational unit (OU).
You have a single Active Directory directory service domain. All servers run Windows Server 2003. You need to specify the list of applications that users are permitted to run. You create a new Group Policy object (GPO) and link it to the domain. What should you do next?()A、 Configure Software Restriction Policies Group Policy settings.B、 Configure the Enable user control over installs Group Policy setting.C、 Assign all approved applications.D、 Publish all approved applications.
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain. Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA. You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()A、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.B、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.C、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.D、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional with themost recent service pack. All client computers have computer accounts in an organizational unit (OU) named CompanyComputers. The company requires all computers to be kept up-to-date with service packs and hotfixes from Microsoft. Administrators will manually update servers as required. You need to configure the network so that client computers are automatically updated as new critical updates are issued. What are two possible ways to achieve this goal?()A、 Create a Group Policy object (GPO) linked to the domain. Configure the GPO so that client computers automatically download and install updates from Microsoft update servers from the Internet.B、 Create a Group Policy object (GPO) linked to the CompanyComputers OU. Configure the GPO so that client computers automatically download and install updates from Microsoft update servers from the Internet.C、 Create a Group Policy object (GPO) linked to the domain. Configure the GPO so that client computers automatically download and install updates from an internal server on which you install and configure Software Update Services.D、 Create a Group Policy object (GPO) linked to the CompanyComputers OU. Configure the GPO so that client computers automatically download and install updates from an internal server on which you install and configure Software Update Services.
单选题You have a single Active Directory directory service domain. All servers run Windows Server 2003. You need to specify the list of applications that users are permitted to run. You create a new Group Policy object (GPO) and link it to the domain. What should you do next?()A Configure Software Restriction Policies Group Policy settings.B Configure the Enable user control over installs Group Policy setting.C Assign all approved applications.D Publish all approved applications.
单选题You need to design a software usage policy for the employees of Southbridge Video. The policy must meet business requirements. What should you do?()AConfigure the software restriction policy in the Default Domain Policy Group Policy object (GPO)BCreate a new connection object by using the Connection Manager Administration Kit (CMAK), and install the new connection object on all client computersCCreate and configure a local security policy on both of the ISA server computersDConfigure the Internet Explorer settings in the Default Domain Policy Group Policy object (GPO)
单选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains 15 Windows Server 2003 computers and 3,000 Windows XP Professional computers. All client computers are running the most recent service pack. You install and configure Software Update Services (SUS) on a server named Testking1. You install the Automatic Updates client on all client computers. All client computer accounts are in the Clients organization unit (OU). Currently all client computers obtain their Windows security updates from Windows Update. You want all client computers, and no other computers, to obtain their updates from Testking1. You need to configure all client computers to obtain Windows security updates from Testking1. You need to accomplish this task with the minimum amount of administrative effort. What should you do?()ACreate a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates.BCreate a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Specify intranet Microsoft updates service location policy to use http://Testking1 as the value for the update and statistics server.CCreate a Group Policy object (GPO) named SUS and link to the domain. Open the SUS GPO and enable the Specify intranet Microsoft update service location policy to use http://Testking1 as the value for the update and statistics server.DCreate a Group Policy object (GPO) named SUS and link it to the domain. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates.
单选题Your company has an Active Directory forest. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales organizational units. You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units. What should you do()ACreate a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the cBCreate a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the usCCreate a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the uDCreate a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the co
多选题You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()AIn a Group Policy object (GPO), configure the autoenrollment settingsBIn a Group Policy object (GPO), configure the Automatic Certificate Request Settings.COn the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.DOn the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
单选题You are using windows installer to deploy an application to 750 Windows 2000 Professional computers on your network. The network includes organizational unit (OU) named sales. A Group Policy object (GPO) is created for the Sales OU. The application is successfully installed on the 740 out of 750 computers. The ten computers are unable to install the application what should you do to install that application on all the computers in the sales OU.What should you do?()ARepackage and re-deploy the application's .msi file to the Sales OUBRepackage and re-deploy the application's .mst file to the Sales OUCRe-deploy the application by using the Group Policy object (GPO for the Sales OU)DRestart Windows Installer service on the ten computers.
多选题You have a single Active Directory directory service domain. All users are located in an organizational unit (OU) named ContosoUsers. All client computer accounts are located in an OU named ContosoComputers. You need to deploy a new application to all users. The application shortcut must be available the next time the users log on. What are two possible ways to achieve this goal?()ACreate a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoComputers OU.BCreate a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoComputers OU.CCreate a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoUsers OU.DCreate a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoUsers OU.
单选题You need to design a patch management strategy for Northwind Traders. What should you do?()AConfigure the Default Domain Policy Group Policy object (GPO) for the northwindtraders.com domain to configure client computers to download updates from the SUS server in New York. Configure the Default Domain Policy GPO for the boston.northwindtraders.com domain to configure client computers to download updates from the SUS server in New YorkBUse Group Policy to configure client computers to download updates from a Windows Update server on the Internet. Configure the Default Domain Policy Group Policy object (GPO) with a startup script that runs Mbsacli.exe. Configure it to scan the computers in both of the branch officesCInstall and configure a SUS server in the Boston branch office. Configure the server to download updates from a Windows Update server on the Internet. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates and computers in the New York officeDInstall and configure a SUS server in each branch office. Configure the SUS servers to download updates from the New York SUS server. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates on computers in the New York office
单选题You are using windows installer to deploy an application to 750 Windows 2000 Professional computers on your network. The network includes organizational unit (OU) named sales. A Group Policy object (GPO) is created for the Sales OU. The software deployment of the application is successful. Now, you want to install that application in the customized form. What should you do? ()ARepackage and re-deploy the application’s .msi file to the Sales OUBRe-deploy the application’s .mst file to the Sales OU.CRe-deploy the application by using the Group Policy object (GPO for the Sales OU)DRestart Windows Installer service on the ten computers.